
Check if user is enrolled in MFA


Hello there!
I was wondering if there was a way to check if the user is enrolled in MFA - i.e. entered their phone number - inside of a rule? From what I can tell the user object doesn’t pass around any information other than multifactor: ['guardian'], even though in the raw JSON I can see a guardian_authenticators attribute.


As far as I’m aware you can’t check if a user is enrolled. What you can do is add a bit of data to app_metadata to signal to the rule that MFA should be required for that user (something like: "mfa_enabled": true). Then deciding to do MFA is as simple as an if statement to check for that particular value.
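The flag check described in the reply above, written out as an Auth0 rule. This is an added example, not part of the original post and not Auth0's own code; the function name, the `runRule` harness and the sample users are constructed for illustration. It reads only the flag and says nothing about whether the user has actually enrolled a phone number.

```javascript
// Added example (not from the thread). Auth0 rules use the
// (user, context, callback) signature; the function name is illustrative.
function requireMfaWhenFlagged(user, context, callback) {
  // app_metadata may be absent on users that have never had it set.
  const appMetadata = user.app_metadata || {};

  // Only the boolean true turns MFA on. A string such as "false" is truthy
  // in JavaScript, so a loose `if (appMetadata.mfa_enabled)` would misfire.
  if (appMetadata.mfa_enabled === true) {
    context.multifactor = { provider: 'guardian', allowRememberBrowser: false };
  }
  return callback(null, user, context);
}

// Hypothetical local harness: runs the rule once and returns the context.
function runRule(user) {
  let result = null;
  requireMfaWhenFlagged(user, {}, (err, _user, context) => {
    if (err) throw err;
    result = context;
  });
  return result;
}

// Constructed sample users covering the cases the rule has to handle.
const flagged = { user_id: 'auth0|constructed-1', app_metadata: { mfa_enabled: true } };
const unflagged = { user_id: 'auth0|constructed-2', app_metadata: {} };
const noMetadata = { user_id: 'auth0|constructed-3' };
const stringFlag = { user_id: 'auth0|constructed-4', app_metadata: { mfa_enabled: 'false' } };

for (const u of [flagged, unflagged, noMetadata, stringFlag]) {
  const mfa = runRule(u).multifactor ? 'MFA required' : 'no MFA';
  console.log(`${u.user_id}: ${mfa}`);
}
```

The flag stays in app_metadata, as the reply suggests, because user_metadata is meant for data the user can edit.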


Yeah, we do something like that in a rule, but that gets set to trigger the MFA rule. What we want is to know when the user actually enrolls their phone number through MFA, since the user can trigger MFA but never actually enroll with their phone number.


Haven’t been able to test this yet, but it appears you can set selfServiceEnrollment to false to sort of achieve the same thing: only if a user actually enrolled, the widget will display. Again, haven’t been able to test it.